POPIA Explained: Your 5-Minute Guide to SA’s New Data Privacy Law
Has your inbox suddenly been flooded with mails all about POPIA, privacy and new legal changes? Ours certainly have been!
Now that the dust has settled a little, we’re posting to clarify any remaining questions you might have, and give you a helpful recap about what POPIA is, and what it means going forward.
Intro to POPIA
On July 1st 2021, South Africa’s new Protection of Personal Information Act (POPIA) came into force. With it, data, privacy and record-keeping requirements changed for thousands of organisations around South Africa. Not only for government entities and large corporates, but SMB’s, too.
In brief, the Protection of Personal Information Act (POPIA) is South Africa’s new data protection law. It’s aim is to protect individuals from harm by ensuring the their personal data is always handled correctly, prudently and with their consent.
To do this, the Protection of Personal Information Act lays out a number of specific conditions for when and how it is lawful for someone to process someone else’s personal information. It also places strict requirements on how that data is safeguarded and used.
What do the requirements include?
The POPIA requirements cover factors such as accountability, processing limitations, information quality, openness, security safeguards, and data subject participation, among others.
Some of the basic principles include:
- Personal information may only be processed in a fair and lawful manner and only with the consent of the data subject.
- Personal information may only be processed for specific, explicitly defined and legitimate reasons.
- Personal information may not be processed for a secondary purpose unless that processing is compatible with the original purpose.
- The data subject whose information you are collecting must be aware that you are collecting such personal information and for what purpose the information will be used.
- Personal information must be kept secure against the risk of loss, unlawful access, interference, modification, unauthorised destruction and disclosure.
- Data subjects may request whether their personal information is held, as well as the correction and/or deletion of any personal information held about them.
What is “personal information”?
For the purposes of the act, “personal information” means information relating to an identifiable, living natural person and, where applicable, an identifiable company or other similar legal entity.
Information about age, gender and race, identity numbers, telephone numbers, location information, online identifiers, and personal opinions and preferences are all included in the definition. Personal data on disabilities, physical or mental health, financial, criminal or employment histories are also included.
Who is affected by the act?
Any natural or juristic person who processes personal information – including large corporates and government – are affected. Currently, SMEs are also included.
What steps do companies have to take to comply with the act?
There are various requirements placed on companies by POPIA. Among them are the need to:
- Appoint an information officer
- Raise awareness of POPIA among employees
- Report data breaches
- Only share personal information when they are lawfully allowed to
At The CRM Team, we’ve always been committed to the strictest client confidentiality and data security protocols. You trust us with your personal data, and we work hard to keep that data secure. With the passage of POPIA, we’re doubling down on that promise, to ensure your personal information is always used appropriately, transparently and in accordance with the applicable laws.
If you have any further questions about POPIA or want to get your business compliant, feel free to get in touch.
Don’t miss more articles by The CRM Team
Why marketing automation is important for every business – including yours Many companies know the term “marketing automation”. But what, exactly, is it? In short, marketing automation is this: the digital tools that make marketing simpler and more effective. At a...
Teams and Dynamics 365 - They go together like PB & J! And that’s just part for the lunchbox of new tech reveals at Microsoft Inspire 2021. Microsoft recently held its annual Inspire conference – the tech giant’s annual release of all that’s new and innovative in...
8 key benefits of marketing automation In a nutshell, marketing automation refers to all the digital tools that help marketers reach customers more efficiently, effectively and scalably. But what are the real differences between business that use marketing automation...